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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace aJl prior versions and listings of claims in the application. 
Listing of Claims: 

1 . (Currently Amended) A method comprising: 

- establishing a packet tunnel having a source network address and a destination network 
address; 

reserving for the packet tunnel an amount of bandwidth within an access link; 
detecting a network attack; 

selecting a new network address for at least one of the source network address and the 
destination network address upon detecting the network attack; and 

establishing a new packet tunnel using the new network address, wherein the new packet 
tunnel comprises two or more concatenated packet tunnels; 

canceling the reserved bandwidth for the packet tunnel after establishing the new packet 
tunnel; and 

reserving for the new packet tunnel an amount of bandwidth _within the access link upon 
canceling the reserved bandwidth for the packet tunnel . 

2. (Original) The method of claim 1 , wherein the source network address and the destination 
network address comprise port numbers. 

3. (Original) The method of cl aim I , wherein the source network address and the destination 
network address comprise Internet Protocol (IP) addresses. 

4. (Currently Amended) The method of claim 1, wherein detecting a network attack 
comprises detecting an attack on an the access link coupling a destination network device to a 
network. 
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5. (Canceled), 

6. (Original) The method of claim 1, further comprising exchanging a set of available network 
addresses between a source network device originating the packet tunnel and a destination 
network device terminating the packet tunnel. 

7. (Currently Amended) The method of claim ]. , furth e r comprising wherein selecting a new 
network address comprises : 

maintaining a set of available network addresses; and 
selecting one of the network addresses as the new network address? 
e stablishing a n e w packet tunnol uaing the n e w n e twork addr e ss for4ho ^ OQtination 
address ^ aftd 

res e rving for the now paok -efr frann e l an amount of bandwidth within on access link . 

8. (Previously Presented) The method of claim 1, wherein establishing a new packet tunnel 
using the new network address further comprises: 

selecting an intermediate network device; 

establishing a first packet tunnel that terminates on the intermediate network device; and 
establishing a second packet tunnel that originates from the intermediate network device. 

9. (Currently Amended) The method of claim 8, further comprising: 

sending a message from a destination network device to a source network device 
instructing the source network device to establish the first packet tunnel with the intermediate 
network device; and 

reserving for the second packet tunnel an amount of bandwidth within an the access link 
coupling the destination network device to a network. 
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10. (Original) The method of claim 9, further comprising: 

establishing a secure signaling channel between the source network device and the 
destination network device; and 

sending the message via the secure signaJing channel. 

1 1 . (Original) The method of claim 8, further comprising 

de-encapsulating at the intermediate network device packets received from the first 
packet tunnel; and 

re-encapsulating the packets at the intermediate network device for communication via 
the second packet tunnel. 

12. (Original) The method of claim 8, further comprising: 

establishing a secure signaling channel between a source network device and a destination 
network device; 

sending via the secure signaling channel control packets between the source network 
device and the destination network device to monitor the performance of the first and second 
packet tunnels; and 

selecting a new intermediate network device when the performance reaches a minimum 
threshold. 

13. (Original) The method of claim 12, further comprising maintaining a set of possible 
intermediate network devices, and wherein selecting the intermediate network device comprises 
selecting one of the possible intermediate network devices from the set. 

14. (Original) The method of claim 5, wherein reserving an amount of bandwidth comprises 
sending a reservation message from a destination network device terminating the packet tunnel to 
a service provider access device. 

15. (Original) The method of claim 14. wherein sending a reservation message comprises 
sending the reservation message according to the Resource Reservation Protocol (RSVP). 
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16> (Original) The method of claim ] , wherein establishing a packet tunnel comprises: 
maintaining a set of available multicast network addresses; 
selecting one of the multicast network addresses for the packet tunnel; and 
subscribing to a multicast channel for the selected multicast network address. 

17. (Original) The method of claim 16, wherein establishing a new packet tunnel comprises: 

unsubscribing to the multicast channel; 

selecting one of the multicast network addresses for the destination network address; 
establishing a new packet tunnel using the new destination address; and 
subscribing to a multicast channel for the selected multicast network address. 

18. (Withdrawn) A method comprising: 

establishing a packet tunnel having a source network address and a destination network 
address; and 

establishing for the packet tunnel a truncated reservation path within an access link 
coupled to a destination network device that terminates the packet tunnel 

19. (Withdrawn) The method of claim 1 8, wherein the source network address and the 
destination network address comprise port numbers. 

20. (Withdrawn) The method of claim 1 8, wherein the source network address and the 
destination network address comprise Internet Protocol (IP) addresses. 

2 1 , (Withdrawn) The method of claim 1 8, wherein establishing a truncated reservation path 
comprises issuing a reservation command from the destination device to reserve an amount of 
bandwidth within the access link for the packet tunnel. 
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22. (Withdrawn) The method of claim 1 8, further comprising: 

detecting a network attack; and 

canceling the truncated reservation path for the packet tunnel upon detecting the network 

attack, 

23. (Withdrawn) The method of claim 22, further comprising: 

establishing a new packet tunnel upon detecting the network attack; and, 
reserving for the new packet tunnel an amount of bandwidth within the access link. 

24. (Withdrawn) The method of claim 1 8, wherein establishing a truncated reservation path 
comprises sending a reservation message from a destination network device terminating the 
packet tunnel to a service provider access device coupled to the destination network device via an 
access link, wherein the reservation message indicates that packet flow for the tunnel terminates 
with the destination device. 

25. (Withdrawn) The method of claim 24, wherein sending a reservation message comprises 
sending the reservation message according to the Resource Reservation Protocol (RSVP), 

26. (Withdrawn) The method of claim 1 8, wherein detecting a network attack comprises 
detecting an attack on an access link coupling the destination network device to the network. 
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27. (Currently Amended) A method comprising; 

establishing virtual private network service including a packet tunnel having a source 
network address and a destination network address; 

reserving for the packet tun nel an amount of bandwidth within an access link: 
detecting a network attack; m& 

establishing new virtual private network service upon detecting the network attack, 
wherein the new virtual private network service comprises two or more concatenated packet 
tunnels ; and 

canceling the reserved bandwidth for the packet tunnel after establishing the new virtual 
private network service , 

28. (Original) The method of claim 27, wherein establishing the new virtual private network 
service comprises: 

selecting an intermediate network device upon detecting the network attack; 

establishing a first packet tunnel from the source network address and terminating on the 
intermediate network device; and 

establishing a second packet tunnel originating from the intermediate network device and 
terminating at the destination network address. 

29. (Original) The method of claim 27, wherein establishing a packet tunnel comprises: 

maintaining a set of available multicast network addresses; 

selecting one of the multicast network addresses for the destination network address of 
the packet tunnel; and 

subscribing to a multicast channel for the selected multicast network address. 

30. (Previously Presented) The method of claim 27, wherein detecting a network attack 
comprises detecting an attack on an access link coupling a destination network device to a 
network. 
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31. (Withdrawn) A method comprising: 

maintaining a set of alternate multicast network addresses and a set of alternate unicast 
network addresses; 

assigning one of the multicast network addresses to a packet tunnel terminating on a 
network device; and 

assigning one of the unicast network addresses to a packet tunnel originating from the 
network device, 

32, (Withdrawn) The method of claim 31, further comprising: 

detecting a network attack; and 

selecting a new multicast network address for the packet tunnel terminating on the 
network device upon detecting the network attack. 

33 , (Withdrawn) The method of claim 3 1 , further comprising subscribing to a multicast 
channel for the multicast network address assigned to the packet tunnel terminating on the 
network device, 

34. (Withdrawn) The method of claim 33, further comprising: 

detecting a network attack; 
unsubscribing to the multicast channel; 

selecting a new multicast network address for the packet tunnel terminating on the 
network device upon detecting the network attack; and 

subscribing to a new multicast channel for the new multicast network address. 



-8- 

PAGE 10/19 • RCVD AT 5/23/2006 5:05:15 PM [Eastern Daylight Time] ■ SVR:USPTO-EFXRF-2/19 ' DNISOTOO ■ CSID:6517351102 1 DURATION (mnKS):0M2 



05/23/2006 14:58 6517351102 



SHUMAKER & SIEFFERT 



PAGE 11/19 



Application Number 10/057,043 
Amendment dated May 23, 2006 
Responsive to Office Action mailed February 23, 2006 

35. (Currently Amended) A system comprising 

a source device coupled to a network; and 

a destination device coupled to the network, wherein the source device and the 
destination device establish a packet tunnel having a source network address and a destination 
network address aad, reserve for the packet tunnel an amount of bandwidth witliin an access link, 
upon detecting a network attack, select a new network address for at least one of the source 
network address and the destination network address, and establish a new packet tunnel, wherein 
the new packet tunnel comprises two or more concatenated packet tunnels , and cancel the 
reserved bandwidth for the packet tunnel after the new packet tunnel is established . 

36. (Original) The system of claim 35, wherein the source network address and the destination 
network address comprise port numbers. 

37. (Original) The system of claim 35, wherein the source network address and the destination 
network address comprise Internet Protocol (IP) addresses. 

38. (Previously Presented) The system of claim 35, wherein the destination device and the 
source device comprise edge routers that couple local area networks to the network. 

39. (Previously Presented) The system of claim 35, wherein the destination device detects an 
attack on an access link coupling the destination device to the network 

40. (Currently Amended) The system of claim 35, wherei n, upon the reserved bandwidth for 
the packet tunnel being canceled, the destination device reserves for the new packet tunnel an 
amount of bandwidth within en the access link ooupl i ng4h eH de sfr Ration device to the n e twork, 
and furth e r wher e in upon det e cting the n e twork attack the destination d e vice cancels th e r e served 
bandwidth for tho packet tunnel and rooorvos the bandwidth for tho now packet tunnel . 
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41 . (Original) The system of claim 35, wherein the destination device and the source device 
exchange a set of available network addresses for the source network address and the destination 
network address of the packet tunnel. 

42. (Original) The system of claim 35, wherein the destination device comprises a storage 
medium to store a set of available network addresses for use as the source network address and 
the destination network address of the packet tunneL 

43. (Previously Presented) The system of claim 35, wherein the source device and destination 
device establish the packet tunnel by establishing a first packet tunnel that terminates on an 
intermediate network device, and establishing a second packet tunnel that originates from the 
intermediate network device. 

44. (Original) The system of claim 43, wherein the intermediate network device de-encapsulates 
packets received from the first packet tunnel and re-encapsulates the packets for communication 
to the destination device via the second packet tunnel. 

45. (Original) The system of claim 43, wherein the source device and the destination device 
establish a secure signaling channel and send via the secure signaling channel control packets to 
monitor the performance of the first and second packet tunnels. 

46. (Original) The system of claim 45, wherein the destination device selects a new intermediate 
network device when the performance reaches a minimum threshold. 

47. (Withdrawn) A system comprising 

a source device coupled to a network by a first access link, wherein the source device 
originates a packet tunnel; and 

a destination device coupled to the network by a second access link, wherein the 
destination device terminates the packet tunneL and further wherein the destination device 
establishes for the packet tunnel a truncated reservation path within the second access link. 
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48. (Withdrawn) The system of claim. 47, wherein the destination device issues a 
reservation command to a service provider device to reserve an amount of bandwidth within the 
second access link, 

49. (Withdrawn) The system of claim 47, wherein the destination device cancels the 
truncated reservation path upon detecting a network attack. 

50. (Withdrawn) The system of claim 49, wherein the destination device establishes a new 
packet tunnel upon detecting the network attack and reserves for the new packet tunnel an 
amount of bandwidth within the second access link. 

51. (Canceled), 

52. (Canceled). 

53. (Currently Amended) A computer-readable medium comprising instructions to cause a 
processor to: 

establish a packet tunnel having a source network address and a destination network 
address; 

reserve for the packet tunnel an amount of bandwidth within an access link; 
detect a network attack; 

select a new network address for at least one of the source network address and the 
destination network address upon detecting the network attack; a*d 

establish a new packet tunnel using the new network address, wherein the new packet 
tunnel comprises two or more concatenated packet tunnels : and 

cancel the reserved bandwidth for the packet tunnel after the new packet tunnel is 
established 
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54. (Currently Amended) The computer-readable medium of claim 53, further comprising 
instructions to cause the processor to: 

upon the reserved bandwidth for the packet tunnel being canceled, r eserve for the new 
packet tunnel an amount of bandwi dth within a» the access Iinkt 

upon detecting the network ottock, cancel the rooorvod bandwidth for the packet tunn e l; 

and— 

res e rve an amount of bandwidth - for the new packet tunnel . 

55. (Currently Amended) The computer-readable medium of claim 53, further comprising 
instructions to cause the processor to: 

maintain a set of available network addresses; and 

select one of the network addresses as the new network address^ 

e stablish a n e w paoket tunnol using the now notwork address for the -4 os * H^ 4 ^^ e t - w<^k - 
address; and 

r e s e rve for th e n e w r paoket tunn e l an amount of bandwidth within an acc e ss link . 

56. (Previously Presented) The computer-readable medium of claim 53, further comprising 
instructions to cause the processor to: 

select an intermediate network device; 

establish a first packet tunnel that terminates on the intermediate network device; and 
establish a second packet tunnel that originates from the intermediate network device. 
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